<?php

include '../lib/library.php';

$addr = address();
$rel_addr = relative_address();

//Database connection
include $rel_addr.'/lib/mysql_connect.inc';

$problem = false;

if(!isset($_GET['username']) || !isset($_GET['password'])){
	$echo .=  '
	<script>
	window.location = "'.$addr.'";
	</script>
	';
	
	echo $echo;
	exit;
}

$_GET['username'] = mysql_real_escape_string($_GET['username']);
$_GET['password'] = mysql_real_escape_string($_GET['password']);

	if(empty($_GET['username'])){
		$problem = true;
		$$echo .=  '
			<P class="error">Please enter a username</P>
		';
	}
	if(empty($_GET['password'])){
		$problem = true;
		$echo .=  '
			<P class="error">Please enter a password</P>
		';
	}
	
	$user_exists = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='{$_GET['username']}'"));
	if(!empty($_GET['username']) && $user_exists == 0){
		$problem = true;
		$echo .=  '
			<p class="error">That username does not exist</P>
		';
	}
	
	$password = mysql_fetch_array(mysql_query("SELECT password FROM users WHERE username='{$_GET['username']}'"));
	$md5ed_password = md5($_GET['password']);

	if($password['password'] != $md5ed_password){
		$problem = true;
		$echo .=  '
			<P class="error">You have entered an incorrect password</P>
		';
		$_GET['password'] = null;
	}
	
	if(!$problem){
		
		session_name("Login");
		session_start();
		$stats = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username='{$_GET['username']}'"));
		$_SESSION['m_username'] = $_GET['username'];
		$_SESSION['m_state'] = $stats['state'];
		$_SESSION['m_city'] = $stats['city'];
		$_SESSION['m_member_type'] = $stats['member_type'];
		$_SESSION['m_user_id'] = $stats['user_id'];
		$_SESSION['m_name'] = $stats['name'];
		
	}else{
		echo $echo;
	}

?>